<?php

defined('IN_IA') or exit('Access Denied');
load()->model('user');
load()->func('file');
load()->classs('oauth2/oauth2client');
load()->model('setting');

$dos = array('base', 'post', 'bind', 'validate_mobile', 'bind_mobile', 'unbind', 'check_mobile_sms_code', 'change_mobile');
$do = in_array($do, $dos) ? $do : 'base';

if ('post' == $do) {
    $type = trim($_GPC['type']);
    $extra_filed_key = safe_gpc_string($_GPC['extra_field_key']);
    $extra_filed_val = safe_gpc_string($_GPC['extra_field_val']);
    if ($_W['isfounder']) {
        $uid = is_array($_GPC['uid']) ? 0 : intval($_GPC['uid']);
    } else {
        $uid = $_W['uid'];
    }
    if (empty($uid) || empty($type)) {
        iajax(-1, '参数错误，请刷新后重试！', '');
    }
    $user = user_single($uid);
    if (empty($user)) {
        iajax(-1, '用户不存在或已经被删除！', '');
    }

    if (USER_STATUS_CHECK == $user['status'] || USER_STATUS_BAN == $user['status']) {
        iajax(-1, '访问错误，该用户未审核或者已被禁用，请先修改用户状态！', '');
    }

    $users_profile_exist = table('users_profile')->getByUid($uid);
    if ('birth' == $type) {
        if ($users_profile_exist['year'] == $_GPC['year'] && $users_profile_exist['month'] == $_GPC['month'] && $users_profile_exist['day'] == $_GPC['day']) {
            iajax(0, '未作修改！', '');
        }
    } elseif ('reside' == $type) {
        if ($users_profile_exist['province'] == $_GPC['province'] && $users_profile_exist['city'] == $_GPC['city'] && $users_profile_exist['district'] == $_GPC['district']) {
            iajax(0, '未作修改！', '');
        }
    } else {
        if (in_array($type, array('username', 'password', 'welcome_link'))) {
            if ($user[$type] == $_GPC[$type] && 'password' != $type) {
                iajax(0, '未做修改！', '');
            }
        } else {
            if ($users_profile_exist[$type] == $_GPC[$type] && empty($extra_filed_key)) {
                iajax(0, '未作修改！', '');
            }
        }
    }
    switch ($type) {
        case 'avatar':
        case 'realname':
        case 'address':
        case 'qq':
        case 'mobile':
            if ('mobile' == $type) {
                $match = preg_match(REGULAR_MOBILE, trim($_GPC[$type]));
                if (empty($match)) {
                    iajax(-1, '手机号不正确', '');
                }
                $users_mobile = pdo_get('users_profile', array('mobile' => trim($_GPC[$type]), 'uid <>' => $uid));
                $bind_mobile = pdo_get('users_bind', array('bind_sign' => trim($_GPC[$type]), 'uid <>' => $uid));
                if (!empty($users_mobile) || !empty($bind_mobile)) {
                    iajax(-1, '手机号已存在，请联系管理员', '');
                }
            }
            if ($users_profile_exist) {
                $result = pdo_update('users_profile', array($type => trim($_GPC[$type])), array('uid' => $uid));
            } else {
                $data = array(
                    'uid'        => $uid,
                    'createtime' => TIMESTAMP,
                    $type        => safe_gpc_string($_GPC[$type]),
                );
                $result = pdo_insert('users_profile', $data);
            }
            if ('mobile' == $type) {
                $data = array(
                    'uid'            => $uid,
                    'bind_sign'      => trim($_GPC[$type]),
                    'third_nickname' => trim($_GPC[$type]),
                    'third_type'     => USER_REGISTER_TYPE_MOBILE,
                );
                $users_bind_exist = pdo_get('users_bind', array('uid' => $uid, 'third_type' => USER_REGISTER_TYPE_MOBILE));
                if ($users_bind_exist) {
                    $result_bind = pdo_update('users_bind', $data, array('uid' => $uid, 'third_type' => USER_REGISTER_TYPE_MOBILE));
                } else {
                    $result_bind = pdo_insert('users_bind', $data);
                }
                if (!$result_bind) {
                    iajax(-1, '操作失败，请联系管理员解决！', '');
                }
            }
            break;
        case 'username':
            if (!$_W['isadmin'] && $_W['uid'] != $user['owner_uid']) {
                iajax(-1, '无权限修改，请联系网站创始人！');
            }
            $username = safe_gpc_string($_GPC['username']);
            $name_exist = pdo_get('users', array('username' => $username));
            if (!empty($name_exist)) {
                iajax(-1, '用户名已存在，请更换其他用户名！', '');
            }
            $result = pdo_update('users', array('username' => $username), array('uid' => $uid));
            break;
        case 'vice_founder_name':
            $userinfo = user_single(array('username' => safe_gpc_string($_GPC['vice_founder_name'])));

            if (empty($userinfo) || ACCOUNT_MANAGE_GROUP_VICE_FOUNDER != $userinfo['founder_groupid']) {
                iajax(-1, '用户不存在或该用户不是副创始人', '');
            }
            pdo_update('users', array('owner_uid' => $userinfo['uid']), array('uid' => $uid));
            $founder_own_user_table = table('users_founder_own_users');
            $founder_own_user_exists = $founder_own_user_table->getFounderByUid($uid);

            if (!empty($founder_own_user_exists)) {
                $result = $founder_own_user_table->updateOwnUser($uid, $userinfo['uid']);
            } else {
                $result = $founder_own_user_table->addOwnUser($uid, $userinfo['uid']);
            }


            if ($result) {
                $uni_account_users = table('uni_account_users');
                $synchronize_data = $uni_account_users->where(array('uid' => $uid, 'role' => 'owner'))->getall('uniacid');
                if (!empty($synchronize_data)) {
                    foreach ($synchronize_data as $k => $v) {
                        $founder_id = '';
                        $founder_id = table('uni_account_users')->where(array('uniacid' => $k, 'role' => 'vice_founder'))->getcolumn('id');

                        if ($founder_id) {
                            $uni_account_result = table('uni_account_users')->where(array('id' => $founder_id))->fill(array('uid' => $userinfo['uid']))->save();
                        } else {
                            $save_data = array(
                                'uniacid'    => $k,
                                'uid'        => $userinfo['uid'],
                                'role'       => 'vice_founder',
                                'rank'       => 0,
                                'createtime' => 0
                            );
                            $uni_account_result = table('uni_account_users')->fill($save_data)->save();
                        }
                    }
                }
            }

            break;
        case 'remark':
            $result = pdo_update('users', array('remark' => safe_gpc_string($_GPC['remark'])), array('uid' => $uid));
            break;
        case 'welcome_link':
            $welcome_link = intval($_GPC['welcome_link']);
            $result = pdo_update('users', array('welcome_link' => $welcome_link), array('uid' => $uid));
            break;
        case 'password':
            if ($_GPC['newpwd'] !== $_GPC['renewpwd']) {
                iajax(-1, '两次密码不一致！', '');
            }
            $_GPC['newpwd'] = safe_gpc_string($_GPC['newpwd']);
            $check_safe = safe_check_password($_GPC['newpwd']);
            if (is_error($check_safe)) {
                iajax(-1, $check_safe['message']);
            }

            if (!$_W['isfounder'] && empty($user['register_type'])) {
                $pwd = user_password($_GPC['oldpwd'], $uid);
                $pwd_hash = user_password_hash($pwd, $uid);
                if ($pwd_hash != $user['hash']) {
                    iajax(-1, '原密码不正确！', '');
                }
            }
            $newpwd = user_password($_GPC['newpwd'], $uid);
            $newpwd_hash = user_password_hash($newpwd, $uid);
            if ($newpwd_hash == $user['hash']) {
                iajax(0, '未作修改！', '');
            }
            $result = pdo_update('users', array('password' => $newpwd), array('uid' => $uid));
            break;
        case 'endtime':
            if (!$_W['isfounder']) {
                iajax(-1, '无权限操作！');
            }
            if (1 == $_GPC['endtype']) {
                $endtime = 0;
            } else {
                $endtime = strtotime($_GPC['endtime']);
            }
            if (user_is_vice_founder() && !empty($_W['user']['endtime']) && ($endtime > $_W['user']['endtime'] || empty($endtime))) {
                iajax(-1, '副创始人给用户设置的时间不能超过自己的到期时间');
            }
            $result = pdo_update('users', array('endtime' => $endtime), array('uid' => $uid));
            pdo_update('users_profile', array('send_expire_status' => 0), array('uid' => $uid));
            $uni_account_user = pdo_getall('uni_account_users', array('uid' => $uid, 'role' => 'owner'));
            if (!empty($uni_account_user)) {
                foreach ($uni_account_user as $account) {
                    cache_delete(cache_system_key('uniaccount', array('uniacid' => $account['uniacid'])));
                }
            }
            break;
        case 'birth':
            if ($users_profile_exist) {
                $result = pdo_update('users_profile', array('birthyear' => intval($_GPC['year']), 'birthmonth' => intval($_GPC['month']), 'birthday' => intval($_GPC['day'])), array('uid' => $uid));
            } else {
                $data = array(
                    'uid'        => $uid,
                    'createtime' => TIMESTAMP,
                    'birthyear'  => intval($_GPC['year']),
                    'birthmonth' => intval($_GPC['month']),
                    'birthday'   => intval($_GPC['day']),
                );
                $result = pdo_insert('users_profile', $data);
            }
            break;
        case 'reside':
            $province = safe_gpc_string($_GPC['province']);
            $city = safe_gpc_string($_GPC['city']);
            $district = safe_gpc_string($_GPC['district']);
            if ($users_profile_exist) {
                $result = pdo_update('users_profile', array('resideprovince' => $province, 'residecity' => $city, 'residedist' => $district), array('uid' => $uid));
            } else {
                $data = array(
                    'uid'            => $uid,
                    'createtime'     => TIMESTAMP,
                    'resideprovince' => $province,
                    'residecity'     => $city,
                    'residedist'     => $district,
                );
                $result = pdo_insert('users_profile', $data);
            }
            break;
        default:
            $allow_fields = array(
                'realname', 'nickname', 'avatar', 'qq', 'mobile', 'gender', 'birthyear', 'birthmonth', 'birthday', 'constellation', 'zodiac', 'idcard', 'studentid', 'grade', 'address', 'zipcode', 'nationality', 'resideprovince', 'residecity', 'residedist', 'graduateschool', 'company', 'education', 'occupation', 'position', 'revenue', 'affectivestatus', 'lookingfor', 'bloodtype', 'height', 'weight', 'alipay', 'msn', 'email', 'taobao', 'site', 'bio', 'interest',
            );
            if (empty($extra_filed_key) || !in_array($extra_filed_key, $allow_fields)) {
                iajax(-1, '参数错误', '');
            }
            if ($users_profile_exist) {
                $result = pdo_update('users_profile', array($extra_filed_key => $extra_filed_val), array('uid' => $uid));
            } else {
                $data = array(
                    'uid'            => $uid,
                    $extra_filed_key => $extra_filed_val,
                );
                $result = pdo_insert('users_profile', $data);
            }
            break;
    }
    if ($result) {
        pdo_update('users_profile', array('edittime' => TIMESTAMP), array('uid' => $uid));
        $type == 'password' ? iajax(0, '修改成功,请重新登录!', url('user/login')) : iajax(0, '修改成功！', '');
    } else {
        iajax(-1, '修改失败，请稍候重试！', '');
    }
}

if ('base' == $do) {
    $user_type = !empty($_GPC['user_type']) ? trim($_GPC['user_type']) : PERSONAL_BASE_TYPE;
    $user = $_W['user'];
    $user['last_visit'] = date('Y-m-d H:i:s', $user['lastvisit']);
    $user['joindate'] = date('Y-m-d H:i:s', $user['joindate']);
    $user['url'] = user_invite_register_url($_W['uid']);

    $profile = pdo_get('users_profile', array('uid' => $_W['uid']));
    $profile = user_detail_formate($profile);

    $redirect_urls = array(
        array('id' => WELCOME_DISPLAY_TYPE, 'name' => '用户欢迎页'),
        array('id' => PLATFORM_DISPLAY_TYPE, 'name' => '最后进入的平台或应用'),
    );
    $support_login_urls = user_support_urls();

    $lists = table('users_bind')->getAllByUid($_W['uid']);
    $bind_qq = array();
    $bind_wechat = array();
    $bind_mobile = array();
    if (!empty($lists)) {
        foreach ($lists as $list) {
            switch ($list['third_type']) {
                case USER_REGISTER_TYPE_QQ:
                    $bind_qq = $list;
                    break;
                case USER_REGISTER_TYPE_WECHAT:
                    $bind_wechat = $list;
                    break;
                case USER_REGISTER_TYPE_MOBILE:
                    $bind_mobile = $list;
                    break;
            }
        }
    }

    $endtime = $user['endtime'];
    if (USER_ENDTIME_GROUP_EMPTY_TYPE == $endtime || USER_ENDTIME_GROUP_UNLIMIT_TYPE == $endtime) {
        $endtime = '永久';
    } else {
        $endtime = date('Y-m-d', $endtime);
    }

    $setting_sms_sign = setting_load('site_sms_sign');
    $bind_sign = !empty($setting_sms_sign['site_sms_sign']['register']) ? $setting_sms_sign['site_sms_sign']['register'] : '';

    template('user/profile');
}

if ('bind' == $do) {
    $setting_sms_sign = setting_load('site_sms_sign');
    $bind_sign = !empty($setting_sms_sign['site_sms_sign']['register']) ? $setting_sms_sign['site_sms_sign']['register'] : '';

    $user = table('users')->getById($_W['uid']);
    $user_profile = table('users_profile')->getByUid($_W['uid']);

    $bind_info = table('users_bind')->getAllByUid($_W['uid']);

    $signs = array_keys($bind_info);

    if (!empty($user['openid']) && !in_array($user['openid'], $signs)) {
        pdo_insert('users_bind', array('uid' => $user['uid'], 'bind_sign' => $user['openid'], 'third_type' => $user['register_type'], 'third_nickname' => $user_profile['nickname']));
    }

    if (!empty($user_profile['mobile']) && !in_array($user_profile['mobile'], $signs)) {
        pdo_insert('users_bind', array('uid' => $user_profile['uid'], 'bind_sign' => $user_profile['mobile'], 'third_type' => USER_REGISTER_TYPE_MOBILE, 'third_nickname' => $user_profile['mobile']));
    }

    $lists = table('users_bind')->getAllByUid($_W['uid']);

    $bind_qq = array();
    $bind_wechat = array();
    $bind_mobile = array();

    if (!empty($lists)) {
        foreach ($lists as $list) {
            switch ($list['third_type']) {
                case USER_REGISTER_TYPE_QQ:
                    $bind_qq = $list;
                    break;
                case USER_REGISTER_TYPE_WECHAT:
                    $bind_wechat = $list;
                    break;
                case USER_REGISTER_TYPE_MOBILE:
                    $bind_mobile = $list;
                    break;
            }
        }
    }

    $support_login_urls = user_support_urls();

    template('user/bind');
}

if (in_array($do, array('validate_mobile', 'bind_mobile')) || USER_REGISTER_TYPE_MOBILE == $_GPC['bind_type'] && 'unbind' == $do) {
    $user_bind = table('users_bind')->getByTypeAndUid(USER_REGISTER_TYPE_MOBILE, $_W['uid']);

    $mobile = safe_gpc_string($_GPC['mobile']);
    $type = trim($_GPC['type']);

    $mobile_exists = table('users_profile')->where('uid !=', $_W['uid'])->getByMobile($mobile);
    if (empty($mobile)) {
        iajax(-1, '手机号不能为空');
    }
    if (!preg_match(REGULAR_MOBILE, $mobile)) {
        iajax(-1, '手机号格式不正确');
    }

    if (!empty($type) && $mobile != $user_bind['bind_sign']) {
        iajax(-1, '请输入已绑定的手机号');
    }

    if (empty($type) && !empty($mobile_exists)) {
        iajax(-1, '手机号已存在');
    }
}
if ('validate_mobile' == $do) {
    $user = array('username' => safe_gpc_string($_GPC['mobile']));
    $mobile_exists = user_check($user);
    if ($mobile_exists) {
        iajax(-1, '手机号已经存在');
    }
    iajax(0, '本地校验成功');
}

if ('bind_mobile' == $do) {
    if ($_W['isajax'] && $_W['ispost']) {
        $bind_info = OAuth2Client::create('mobile')->bind();

        $user = array('username' => safe_gpc_string($_GPC['mobile']));
        $mobile_exists = user_check($user);
        if ($mobile_exists) {
            iajax(-1, '手机号已经存在');
        }

        if (is_error($bind_info)) {
            iajax(-1, $bind_info['message']);
        }
        iajax(0, '绑定成功', url('user/profile/bind'));
    } else {
        iajax(-1, '非法请求');
    }
}

if ('change_mobile' == $do) {
    $step = 1;
    $bind_mobile = table('users_bind')->getByTypeAndUid(USER_REGISTER_TYPE_MOBILE, $_W['uid']);
    $setting_sms_sign = setting_load('site_sms_sign');
    $bind_sign = !empty($setting_sms_sign['site_sms_sign']['register']) ? $setting_sms_sign['site_sms_sign']['register'] : '';
    template('user/change-mobile');
}

if ('check_mobile_sms_code' == $do) {
    if ($_W['isajax'] && $_W['ispost']) {
        $check_result = OAuth2Client::create('mobile')->paramValidate();
        if (is_error($check_result)) {
            iajax(-1, $check_result['message']);
        }
        $check_authcode = authcode(safe_gpc_string($_GPC['mobile']), 'ENCODE');
        $message = array(
            'message'        => '验证成功',
            'check_authcode' => $check_authcode
        );
        iajax(0, $message);
    } else {
        iajax(-1, '非法请求');
    }
}

if ('unbind' == $do) {
    $types = array(1 => 'qq', 2 => 'wechat', 3 => 'mobile');
    if (!in_array($_GPC['bind_type'], array(USER_REGISTER_TYPE_QQ, USER_REGISTER_TYPE_WECHAT, USER_REGISTER_TYPE_MOBILE))) {
        iajax(-1, '类型错误');
    }
    $bind_type = $types[$_GPC['bind_type']];
    if ($_W['isajax'] && $_W['ispost']) {
        $unbind_info = OAuth2Client::create($bind_type, $_W['setting']['thirdlogin'][$bind_type]['appid'], $_W['setting']['thirdlogin'][$bind_type]['appsecret'])->unbind();

        if (is_error($unbind_info)) {
            iajax(-1, $unbind_info['message']);
        }
        $settings = $_W['setting']['copyright'];
        if ($_W['isadmin'] && $settings['login_verify_status']) {
            $settings['login_verify_status'] = 0;
            setting_save($settings, 'copyright');
        }
        iajax(0, '解绑成功', url('user/profile/bind'));
    }
    iajax(-1, '非法请求');
}